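<?php
/**
 * Password-change handler for the logged-in admin.
 *
 * Reads the old password, new password and confirmation from the POST body,
 * verifies the old password against the `admin` table and, on success, stores
 * the new one. The result is reported through a JavaScript alert followed by
 * a meta-refresh redirect (home.php on success, gantipassword.php otherwise).
 *
 * Security notes for maintainers:
 *  - Every value placed into SQL is escaped with mysql_real_escape_string().
 *    The mysql_* API is the legacy ext/mysql interface (removed in PHP 7);
 *    when this code is migrated, switch to prepared statements (mysqli/PDO).
 *  - encrypt_password() is defined outside this file (presumably by
 *    config/connection.php). NOTE(review): if it is a fast, unsalted hash,
 *    plan a migration to password_hash()/password_verify().
 *  - Comparisons use === so that numeric-looking strings (e.g. "0e1" vs "0e2")
 *    are never treated as equal by PHP's loose comparison.
 *  - No anti-CSRF token is checked here; the old-password requirement is the
 *    only thing binding the request to the user's intent.
 */
session_start();
//error_reporting(0);
$ses_username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
if ($ses_username != "")
{
	include "./config/connection.php";

	// Collect the three form fields. Missing or non-string values (e.g. an
	// array sent as passwordlama[]) are treated as empty instead of raising
	// notices or being passed to trim().
	$input = array();
	foreach (array('passwordlama', 'passwordbaru', 'konfirmasipassword') as $field) {
		$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? trim($_POST[$field]) : '';
	}
	$passwordbaru       = $input['passwordbaru'];
	$konfirmasipassword = $input['konfirmasipassword'];

	$ganti = FALSE;
	$pesan = '';

	// All three fields are required. The check runs on the raw input, before
	// hashing, and uses !== '' so that a literal "0" is not mistaken for empty.
	if ($input['passwordlama'] !== '' && $passwordbaru !== '' && $konfirmasipassword !== '') {
		if ($passwordbaru === $konfirmasipassword) {
			$passwordlama    = (string) encrypt_password($input['passwordlama']);
			$passwordbaru_en = (string) encrypt_password($passwordbaru);

			// Escaping relies on the connection opened by connection.php.
			$user_sql = mysql_real_escape_string($ses_username);
			$old_sql  = mysql_real_escape_string($passwordlama);
			$new_sql  = mysql_real_escape_string($passwordbaru_en);

			$sql = "SELECT * FROM admin WHERE username = '$user_sql' AND password = '$old_sql'";
			$qry = mysql_query($sql);

			// A failed query returns FALSE; treat it like "no matching row".
			$data = ($qry && mysql_num_rows($qry) > 0) ? mysql_fetch_array($qry) : FALSE;

			// Re-check the stored value in PHP as well: the SQL match may be
			// case-insensitive depending on the column collation.
			if ($data && (string) $data['password'] === $passwordlama) {
				$re = mysql_query("UPDATE admin SET password='$new_sql' WHERE username = '$user_sql'");
				if ($re) {
					$pesan = 'Ganti Password BERHASIL';
					$ganti = TRUE;
				}
				else {
					$pesan = 'Ganti Password GAGAL';
				}
			}
			else {
				$pesan = 'Password Lama yang Anda masukkan SALAH';
			}
		}
		else {
			// Reported through the alert; a plain echo would vanish with the
			// immediate redirect and leave the alert empty.
			$pesan = 'Password Baru dan konfirmasi password harus sama';
		}
	}
	else {
		$pesan = "Semua field harus diisi";
	}

	// $pesan only ever holds one of the fixed strings above. Never put request
	// data into it without encoding it for a JavaScript string context.
	echo "<script>alert('$pesan');</script>";
	if ($ganti) echo '<meta http-equiv="refresh" content="0;URL=home.php">';
	else echo '<meta http-equiv="refresh" content="0;URL=gantipassword.php">';
}
else {
    include 'warning.php';
}
?>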